62/104: etc: Add a systemd unit to bind-mount @storedir@ read-only.
From: guix-commits
Subject: 62/104: etc: Add a systemd unit to bind-mount @storedir@ read-only.
Date: Sun, 17 May 2020 11:36:42 -0400 (EDT)
nckx pushed a commit to branch core-updates
in repository guix.
commit 301572aa87a9587465277d48325dd88fcbf1b312
Author: Tobias Geerinckx-Rice <address@hidden>
AuthorDate: Thu May 14 15:13:12 2020 +0200
etc: Add a systemd unit to bind-mount @storedir@ read-only.
* etc/gnu-store.mount.in: New file.
* nix/local.mk (nodist_systemdservice_DATA): Add it.
(etc/%.mount): New rule for it.
* etc/guix-install.sh (sys_enable_guix_daemon): Install it.
* doc/guix.texi (Binary Installation): Document it.
* .gitignore: Ignore changes to it.
---
.gitignore | 1 +
doc/guix.texi | 5 +++--
etc/gnu-store.mount.in | 14 ++++++++++++++
etc/guix-install.sh | 12 +++++++++---
nix/local.mk | 12 +++++++++++-
5 files changed, 38 insertions(+), 6 deletions(-)
diff --git a/.gitignore b/.gitignore
index cc5ceb5..05a68b6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -66,6 +66,7 @@
/doc/stamp-vti
/doc/version.texi
/doc/version-*.texi
+/etc/gnu-store.mount
/etc/guix-daemon.cil
/etc/guix-daemon.conf
/etc/guix-daemon.service
diff --git a/doc/guix.texi b/doc/guix.texi
index d043852..90324ce 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -659,9 +659,10 @@ with these commands:
@c https://lists.gnu.org/archive/html/guix-devel/2017-01/msg01199.html
@example
-# cp ~root/.config/guix/current/lib/systemd/system/guix-daemon.service \
+# cp ~root/.config/guix/current/lib/systemd/system/gnu-store.mount \
+ ~root/.config/guix/current/lib/systemd/system/guix-daemon.service \
/etc/systemd/system/
-# systemctl enable --now guix-daemon
+# systemctl enable --now gnu-store.mount guix-daemon
@end example
If your host distro uses the Upstart init system:
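Review bot: the @example now copies and enables gnu-store.mount, but the text around it never says what that unit is for. Add a sentence before the example stating that the unit bind-mounts the store directory read-only, so an administrator who reads the commands before running them as root knows why a second unit is installed and what changes on the host.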
diff --git a/etc/gnu-store.mount.in b/etc/gnu-store.mount.in
new file mode 100644
index 0000000..c94f2db
--- /dev/null
+++ b/etc/gnu-store.mount.in
@@ -0,0 +1,14 @@
+[Unit]
+Description=Read-only @storedir@ for GNU Guix
+DefaultDependencies=no
+ConditionPathExists=@storedir@
+Before=guix-daemon.service
+
+[Install]
+WantedBy=guix-daemon.service
+
+[Mount]
+What=@storedir@
+Where=@storedir@
+Type=none
+Options=bind,ro
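Review bot: What= and Where= take the configured @storedir@, but the file is always installed as gnu-store.mount, and systemd only loads a mount unit whose name is the escaped form of its Where= path. With any store directory other than /gnu/store the unit is refused and the store stays writable. Either derive the file name from the configured store directory (systemd-escape -p --suffix=mount prints the expected name) or fail the build when the two disagree. Note also that WantedBy=guix-daemon.service only creates a Wants= dependency, so the daemon still starts if this mount fails; if the read-only store is meant as a guarantee, a Requires= relationship would enforce it.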
diff --git a/etc/guix-install.sh b/etc/guix-install.sh
index 4909d3f..d252c13 100755
--- a/etc/guix-install.sh
+++ b/etc/guix-install.sh
@@ -342,7 +342,13 @@ sys_enable_guix_daemon()
_msg "${PAS}enabled Guix daemon via upstart"
;;
systemd)
- { cp
"${ROOT_HOME}/.config/guix/current/lib/systemd/system/guix-daemon.service" \
+ { # systemd .mount units must be named after the target directory.
+ # Here we assume a hard-coded name of /gnu/store.
+ cp
"${ROOT_HOME}/.config/guix/current/lib/systemd/system/gnu-store.mount" \
+ /etc/systemd/system/;
+ chmod 664 /etc/systemd/system/gnu-store.mount;
+
+ cp
"${ROOT_HOME}/.config/guix/current/lib/systemd/system/guix-daemon.service" \
/etc/systemd/system/;
chmod 664 /etc/systemd/system/guix-daemon.service;
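Review bot: chmod 664 on /etc/systemd/system/gnu-store.mount leaves a unit that systemd acts on as root writable by the file's group; 644 is enough for systemd to read it and matches what unit files normally carry. The same mode is already applied to guix-daemon.service in the context lines, so both could be tightened together. The new comment also says the name assumes /gnu/store, but nothing in the hunk checks that assumption before copying, so a mismatch only shows up later when the unit fails to load.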
@@ -357,8 +363,8 @@ sys_enable_guix_daemon()
fi;
systemctl daemon-reload &&
- systemctl start guix-daemon &&
- systemctl enable guix-daemon; } &&
+ systemctl start gnu-store.mount guix-daemon &&
+ systemctl enable gnu-store.mount guix-daemon; } &&
_msg "${PAS}enabled Guix daemon via systemd"
;;
sysv-init)
diff --git a/nix/local.mk b/nix/local.mk
index a64bdd2..435fdd3 100644
--- a/nix/local.mk
+++ b/nix/local.mk
@@ -155,7 +155,17 @@ noinst_HEADERS =
\
# The '.service' files for systemd.
systemdservicedir = $(libdir)/systemd/system
-nodist_systemdservice_DATA = etc/guix-daemon.service etc/guix-publish.service
+nodist_systemdservice_DATA = \
+ etc/gnu-store.mount \
+ etc/guix-daemon.service \
+ etc/guix-publish.service
+
+etc/%.mount: etc/%.mount.in \
+ $(top_builddir)/config.status
+ $(AM_V_GEN)$(MKDIR_P) "`dirname $@`"; \
+ $(SED) -e 's|@''storedir''@|$(storedir)|' < \
+ "$<" > "$@.tmp"; \
+ mv "$@.tmp" "$@"
etc/guix-%.service: etc/guix-%.service.in \
$(top_builddir)/config.status
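Review bot: in the new etc/%.mount rule the recipe steps are joined with ";" rather than "&&", so when $(SED) fails the following mv still runs and its exit status is what make sees, leaving a truncated or empty gnu-store.mount that looks like a successful build. Chain the mkdir, sed and mv steps with "&&" so a failed substitution stops the rule. The sed expression also has no g flag; that is fine for the current template, which has one @storedir@ per line, but adding it costs nothing and avoids a half-substituted unit if a line ever gains a second occurrence.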